tencent-cloud-article-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it asks for live Tencent Cloud session cookies and can immediately publish under the user’s account with weak safeguards.

Install only if you are comfortable giving the skill temporary access equivalent to your logged-in Tencent Cloud Developer session. Review the exact title, body, account, and destination before publishing, avoid placing cookies in command history or chat logs, and log out or rotate the session if the cookie may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill performs outbound network actions to a live publication API but does not declare corresponding permissions. This creates a transparency and governance gap: users and platforms cannot clearly see that the skill can transmit article content and authentication material off-platform for immediate posting.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation phrase “帮我发到腾讯云” (“help me post to Tencent Cloud”) is fairly generic and could plausibly occur in normal conversation, causing the skill to trigger unexpectedly. In a skill that publishes content using authenticated cookies, unintended activation could lead to accidental posting or disclosure of sensitive draft content.

Missing User Warnings

High
Confidence
96% confidence
Finding
The README instructs users to manually extract multiple live authentication cookie values and concatenate them for use by the tool, but provides no prominent warning that these are account credentials. This encourages unsafe credential handling, increasing the risk of account takeover if the cookies are copied into logs, shell history, screenshots, or shared with an agent or third-party system.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documented command passes raw session cookies as a command-line argument, which is especially dangerous because command-line parameters are often exposed through shell history, process listings, terminal logs, and automation transcripts. Since the skill uses those cookies to publish on behalf of the user, exposure could allow unauthorized posting or full session abuse against the Tencent Cloud developer account.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrase "帮我发布文章到腾讯云" ("help me publish an article to Tencent Cloud") is broad enough to match ordinary conversational requests, which could cause the skill to activate before the user has fully understood the consequences. In this skill, accidental activation is more dangerous because the action is external, authenticated, and can immediately publish content under the user's account.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description says the skill can publish directly via API, but it does not clearly warn that both article content and authentication cookies will be transmitted to a remote service and may result in immediate account actions. Because publication is immediate and authenticated, omission of this warning materially increases the risk of uninformed consent and accidental account misuse.

Missing User Warnings

High
Confidence
99% confidence
Finding
The workflow instructs users to share live authentication cookies via private message without a strong warning that these are account credentials equivalent to session tokens. If intercepted, mishandled, or reused, these cookies could allow unauthorized posting or other account actions on Tencent Cloud Community.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly directs collection of authentication cookies through a natural-language conversation flow. This is dangerous because chat systems may log, retain, summarize, or expose sensitive credentials beyond the immediate task, turning a simple publishing helper into a credential-handling channel.

External Transmission

Medium
Category
Data Exfiltration
Content
"closeTextLink": 0
    }
    
    resp = requests.post(url, headers=headers, json=payload, timeout=15)
    result = resp.json()
    
    if "articleId" in result:
Confidence
95% confidence
Finding
requests.post(url, headers=headers, json=

VirusTotal

66/66 vendors flagged this skill as clean.
